VYPR

rpm package

opensuse/kubernetes1.25&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kubernetes1.25&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2022-3294Mar 1, 2023
    affected < 1.25.7-1.1fixed 1.25.7-1.1

    Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoint

  • CVE-2022-3162Mar 1, 2023
    affected < 1.25.7-1.1fixed 1.25.7-1.1

    Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomRes

  • CVE-2022-27664Sep 6, 2022
    affected < 1.25.7-1.1fixed 1.25.7-1.1

    In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.